Exploits of a Mom (xkcd, Randall Munroe)

"Hi, this is your son's school. We're having some computer trouble."
"Oh, dear. Did he break something?"
"In a way."
Havij

[Screenshot: Havij - Advanced SQL Injection Tool, Version 1.14 Pro (ITSecTeam, http://ITSecTeam.com, http://forum.itsecteam.com, info@itsecteam.com), marked "Cracked by: Soul Zero". Target: http://www.target.com/index.asp?id=123. Keyword, Database, Syntax and Type set to Auto Detect; Method: GET; Post Data empty. Buttons: Analyze, Pause, Load, Save. Tabs: About, Info, Tables, Read Files, Cmd Shell, Query, Find Admin, MD5, Settings, Check for update, Clear Log. Supported databases: MsSQL with error, MsSQL no error, MsSQL Blind, MsSQL time based, MsAccess, MsAccess Blind. Status: I'm IDLE.]
"Did you really name your son Robert'); DROP TABLE Students;-- ?"
"Oh, yes. Little Bobby Tables, we call him."
"Well, we've lost this year's student records. I hope you're happy."
"And I hope you've learned to sanitize your database inputs."
Automated SQL injection takeover tool!
• 97% of data breach cases worldwide involve SQL injection attacks somewhere down the line (Neira Jones, Barclaycard).

• On average the cost of data breach response and remediation is between $194 and $222 per record.

• As of July 9th, privacyrights.org cites 330 breaches in 2012 affecting 18.6 million records (datalossdb.org reports much higher: 723 breaches thus far).


Historical response is costly

• Fly a bunch of consultants to a data center
• They image the server
• Analyze the logs
• Determine what was exfiltrated from reviewing those logs, typically by running SQL commands against the SQL server
• Only going to get costlier
SQLReInjector
C:\WINDOWS\system32\cmd.exe

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>c:\python27\python.exe "C:\Documents and Settings\Administrator\Desktop\sqlReInjector.py"

No input log passed

usage: sqlReInjector.py [-h] [-i INLOG] [-d DBFILE] [-w WEBSITE] [-j] [-c]
                        [-k KNOWNGOOD] [-e COOKIE]

Replay an SQL injection attack from logs

optional arguments:
  -h, --help            show this help message and exit
  -i INLOG, --inLog INLOG
                        Input apache log file to parse
  -d DBFILE, --dbFile DBFILE
                        Database log file to write out to
  -w WEBSITE, --website WEBSITE
                        Website to run against. Form of http://hostname
  -j, --havijParser     Parse the returned data to reassemble Havij output
  -c, --compareToGood   Compare the returned data to a known good webpage to
                        further automate identification of SQLi returned data
  -k KNOWNGOOD, --knownGood KNOWNGOOD
                        Known good webpage to compare to
  -e COOKIE, --cookie COOKIE
                        cookie

C:\Documents and Settings\Administrator>
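The log-replay idea behind the "Historical response is costly" slide and the usage screen above, as an added example (this is not SQLReInjector's own code): parse Apache combined-format lines, pick out the GET requests whose query-string values carry injection syntax, re-issue them, and diff each response against a known-good copy of the page so that only the data the injection pulled back remains. The log lines, the known-good page and the canned responses are constructed for the example, and `fake_fetch` is a hypothetical stand-in for the HTTP GET a real run would make against the site named with `-w`.

```python
"""Replay SQL-injection requests recovered from an Apache access log and
diff each replayed response against a known-good page, isolating what the
injection returned.

Added example illustrating the replay-from-logs approach the deck describes;
this is NOT SQLReInjector's own code. The log lines, the canned responses and
the known-good page below are constructed for the example, and `fake_fetch` is
a hypothetical hook that a real run would replace with an HTTP GET.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache "combined" format:
# host ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Fragments that show up in nearly every automated SQLi payload (Havij, sqlmap,
# hand-rolled UNION / error-based attacks). Tune for the application under review.
SQLI_MARKERS = re.compile(
    r"union\s+(?:all\s+)?select|information_schema|sysobjects|syscolumns|"
    r"waitfor\s+delay|@@version|convert\s*\(|xp_cmdshell|"
    r"'\s*(?:or|and)\s+\d+\s*=\s*\d+|--|/\*",
    re.IGNORECASE,
)

def parse_log(log_text):
    """Yield one dict per parseable combined-format line; unparseable lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["decoded_path"] = unquote_plus(rec["path"])
            yield rec

def find_sqli_requests(log_text):
    """Return the GET records whose decoded query-string values look like injection."""
    hits = []
    for rec in parse_log(log_text):
        if rec["method"] != "GET":
            continue  # only GET is replayable from an access log; POST bodies are not logged
        params = parse_qsl(urlsplit(rec["path"]).query, keep_blank_values=True)
        if any(SQLI_MARKERS.search(value) for _, value in params):
            hits.append(rec)
    return hits

def leaked_lines(known_good, response):
    """Lines in the replayed response that the known-good page never contains."""
    baseline = set(known_good.splitlines())
    return [ln for ln in response.splitlines() if ln not in baseline]

def replay(hits, fetch, known_good):
    """Re-issue each injected request via `fetch` and keep only the delta against known-good."""
    return [
        {"time": rec["time"], "path": rec["decoded_path"],
         "leaked": leaked_lines(known_good, fetch(rec["decoded_path"]))}
        for rec in hits
    ]

# --- constructed sample data (not real traffic) --------------------------------
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jul/2012:10:12:01 -0400] "GET /index.asp?id=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [09/Jul/2012:10:12:07 -0400] "GET /index.asp?id=123%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 200 5310 "-" "Mozilla/5.0"
10.0.0.9 - - [09/Jul/2012:10:12:09 -0400] "GET /index.asp?id=123%20AND%201=CONVERT(int,@@version)-- HTTP/1.1" 500 980 "-" "Mozilla/5.0"
10.0.0.5 - - [09/Jul/2012:10:13:44 -0400] "POST /login.asp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

KNOWN_GOOD = "<html><body>\n<h1>Product 123</h1>\n<p>Price: $9.99</p>\n</body></html>"

# What the (hypothetical) server answers when the two injected requests are replayed;
# the hash value is a constructed sample, not data from any real system.
CANNED_RESPONSES = {
    "/index.asp?id=123' UNION SELECT username,password FROM users--":
        "<html><body>\n<h1>Product 123</h1>\n<p>Price: $9.99</p>\n"
        "<h1>admin</h1>\n<p>Price: 5f4dcc3b5aa765d61d8327deb882cf99</p>\n</body></html>",
    "/index.asp?id=123 AND 1=CONVERT(int,@@version)--":
        "<html><body>\n<p>Conversion failed when converting the nvarchar value "
        "'Microsoft SQL Server 2005' to data type int.</p>\n</body></html>",
}

def fake_fetch(decoded_path):
    """Stand-in for an HTTP GET against the site; swap in urllib.request for a real run."""
    return CANNED_RESPONSES.get(decoded_path, KNOWN_GOOD)

def run_example():
    """Parse the sample log, replay the injected requests and return the per-request deltas."""
    return replay(find_sqli_requests(SAMPLE_LOG), fake_fetch, KNOWN_GOOD)

if __name__ == "__main__":
    for r in run_example():
        print(r["time"], r["path"])
        for ln in r["leaked"]:
            print("   leaked:", ln)
```

The known-good diff is what turns a pile of replayed pages into an exfiltration list: the UNION request yields only the two rows the attacker saw, and the CONVERT probe yields only the error message that disclosed the database version. Against a real site, point `fetch` at an HTTP client that carries the attacker's cookie (the `-e` option above) so session-bound pages replay the same way they did during the attack.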
github.com/strozfriedberg
QUESTIONS?


Bibliography and Thanks

Stroz Friedberg

Exploits of a Mom / Little Bobby Tables, Randall Munroe (xkcd)

sqlmap, Bernardo Damele A. G. and Miroslav Stampar
  - http://sqlmap.org/

Apache Log Parsing
  - apachelog Python module, http://code.google.com/p/apachelog/, hfuecks@gmail.com
  - Apache-LogRegex module, http://search.cpan.org/dist/Apache-LogRegex/, Peter Hickman

Virtualization of Forensic Images
  - LiveView, http://liveview.sourceforge.net/, CERT Software Engineering Institute

Replaying SQL Injection Attacks
  - Bret Padres, http://cyberspeak.libsyn.com

Injection Attack and Data Theft Statistics
  - Neira Jones, Barclaycard, http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-to-sql-injection/